celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0
2.83k stars, 144 forks

Support DoT (DNS-over-TLS) in the app? #441

Closed PeterDaveHello closed 6 months ago

PeterDaveHello commented 2 years ago

Currently, there are only three types of DNS supported in the app (screenshot taken from RethinkApp v053g):

![RethinkApp v053g Screenshot](https://user-images.githubusercontent.com/3691490/151756302-39eb5b1c-8a2e-474c-896e-eee5b27bf980.jpg)

Just wondering if there's any plan to support DNS over TLS in the App? Thanks!

ignoramous commented 2 years ago

Hm, we can, but it isn't a priority over implementing ODoH and DNS over Tor, unless there are use-cases that specifically only DoT can address. Thoughts?

PeterDaveHello commented 2 years ago

I'm no expert on DoT or DoH, and I don't know of anything only DoT can address yet. DoH might be even harder to block, which is good.

Just one small weakness I think that DoH has but DoT might not: the HTTP user-agent header. I saw that the RethinkDNS app will send the user agent string `Intra`. Though it doesn't contain any personal information, it'll be part of fingerprinting and user profiling. It would be great if you'd like to set it to an empty string; currently, iOS and Firefox seem to do so ;)

ignoramous commented 2 years ago

Makes sense: We should remove the user-agent.

DoT doesn't add anything worthwhile (but does add an overhead for us to then maintain the codebase): Of course, DoT has no metadata of the sort that HTTP clients may add, but that really is made up for by, as you point out, its ability to get past firewalls.

PeterDaveHello commented 2 years ago

Cool, I tried to prepare a pull request with that needed change, but couldn't find where to modify the user agent. I'm not familiar with app development; do you have any hints?

Update: looks like the user agent string might come from https://github.com/Jigsaw-Code/Intra/, so either remove it there, or overwrite it here.

ignoramous commented 2 years ago

The code may not build as it is in the midst of a rewrite that I abandoned midway (will resume soon), but feel free to make that change and send a PR (:

https://github.com/celzero/firestack/blob/dd39240f8f176476684a0ffa60c226b05fb4250a/intra/doh/doh.go#L357
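An added example, not part of the thread and not firestack's code: how Go's `net/http` treats the `User-Agent` header on an RFC 8484 DoH POST, shown by serializing the request in its HTTP/1.1 wire form. The resolver URL, the function names and the sample query are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"strings"
)

// buildQuery returns a wire-format A query for example.com (constructed sample).
func buildQuery() []byte {
	q := append([]byte{0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0}, "\x07example\x03com\x00"...)
	return append(q, 0, 1, 0, 1) // header (ID=0, RD=1, QDCOUNT=1) + QNAME + QTYPE=A, QCLASS=IN
}

// newDoHRequest builds an RFC 8484 POST. With stripUA set, User-Agent is set to
// the empty string, which makes net/http omit the header instead of its default.
func newDoHRequest(url string, stripUA bool) (*http.Request, error) {
	req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(buildQuery()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/dns-message")
	req.Header.Set("Accept", "application/dns-message")
	if stripUA {
		req.Header.Set("User-Agent", "")
	}
	return req, nil
}

// wireRequest serializes the request the way net/http writes it for HTTP/1.1.
func wireRequest(stripUA bool) (string, error) {
	req, err := newDoHRequest("https://dns.example/dns-query", stripUA) // placeholder URL
	if err != nil {
		return "", err
	}
	var wire bytes.Buffer
	err = req.Write(&wire)
	return wire.String(), err
}

func main() {
	for _, strip := range []bool{false, true} {
		w, _ := wireRequest(strip)
		fmt.Printf("stripUA=%v\n%s\n\n", strip, strings.SplitN(w, "\r\n\r\n", 2)[0])
	}
}
```

Deleting the header key with `Header.Del` is not enough: the default `Go-http-client` value is sent whenever the key is absent, so the key has to be present with an empty value.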

ignoramous commented 1 year ago

DoT impl is in firestack: https://github.com/celzero/firestack/commit/d72558727bfb394c9c7646557f31abaddbc991ab

UI pending.

ignoramous commented 6 months ago

UI done impl v055b: https://github.com/celzero/rethink-app/releases/tag/v0.5.5b